
ISO 27001/ISO 22301 Knowledge base

Mandatory documents required by ISO 22301

What should your business continuity documentation contain? This is probably what you’re asking yourself if you are implementing ISO 22301, preparing for the internal audit, or preparing for the certification audit.

Unfortunately, ISO 22301 does not provide a checklist of all mandatory documentation (just as ISO 27001 doesn't); however, by carefully reading the standard, it is rather easy to conclude which documents and records are mandatory.

ISO 22301 Mandatory documents

So, here’s the list of mandatory documentation for the Business Continuity Management System – BCMS (for a description of each document, download this white paper):

Procedure for identification of applicable legal and regulatory requirements (clause 4.2.2) – defines who is responsible for compliance.

Results of management review (clause 9.3) – usually, this is in the form of minutes or perhaps documented decisions.

Nature of nonconformities and actions taken (clause 10.1) – this is a description of nonconformities, and their cause.

Results of corrective actions (clause 10.1) – this is a description of what has been done to eliminate the cause of a nonconformity.

Just to add here, some requirements can be documented through several other documents – e.g. determining the context of the organization (requirements of clause 4.1) can be documented through the Procedure for identification of requirements, the Business continuity policy, the Business impact analysis methodology, etc.

On the other hand, you can merge some of these documents into a single document (especially if you are a smaller company) – e.g. you can report the results of the business impact analysis and of the risk assessment through the Business continuity strategy.

Commonly used non-mandatory BCMS documents

However, the list of documents usually doesn’t end here. In most cases (unless you are a small company), you would also use these documents – although they are not strictly required by the standard:

Implementation plan for achieving the business continuity objectives (clause 6.2)

Training and awareness plan (clauses 7.2 and 7.3)

Procedure for control of documented information (clause 7.5)

Contracts and service level agreements (SLAs) with suppliers and outsourcing partners (clause 8.1)